"Exploiting caching Domain Name System (DNS) servers to break network segregation...". A three part article series [#1] [#2] [#3] and a Github [repo] with PoC code. "DNS vulnerabilities, cache poisoning and DNS tunneling are old news. Your typical DNS tunneling tool ... requires external name server controlled by the attacker. However we were looking for a true peer-to-peer approach that would work even in more challenging environments." It's a bit tedious to read, but seems a fresh (at least to me) take on how to 'exploit' DNS to exfil data from a closed or isolated network or network segment.